As digital assets transition from speculative investments to legitimate components of institutional portfolios, sophisticated investors face unprecedented challenges in reconciling traditional fiduciary responsibilities with the evolving regulatory landscape of cryptocurrency and decentralized finance. The integration of digital assets into multi-billion dollar institutional portfolios requires not only technical expertise but also deep understanding of compliance frameworks that were designed for traditional securities markets.

In this insightful Q&A, Tyler Kirk, managing attorney at Sabal Law and former General Counsel for a family office with over $10 billion in assets under management, shares his perspective on the complex intersection of institutional investment management and digital asset integration. Having recently launched his boutique law firm focusing on venture capital, private equity, and private fund formation, Tyler brings unique insights from both the regulatory compliance side and the capital allocation perspective of major institutional investors.

Tyler's responses address three critical areas facing institutional investors in the digital asset space: the fundamental legal and structural considerations for integrating cryptocurrencies into traditional portfolios while maintaining fiduciary standards under current SEC and CFTC frameworks, the practical challenges of building compliance architectures that accommodate both traditional securities and digital assets under the Investment Advisers Act, and the evolving policy landscape that will shape institutional participation in crypto markets. His analysis reflects the reality that successful digital asset integration requires not just understanding new technologies, but reimagining compliance frameworks to address the unique operational requirements of decentralized finance while maintaining the highest standards of institutional stewardship.

1. Institutional Digital Asset Integration and Regulatory Framework

a. As the managing attorney at your own boutique law firm and the former General Counsel for a major institutional investor managing over $10 billion in AUM, how do you approach the integration of digital assets into traditional institutional portfolios from both a regulatory compliance and fiduciary duty perspective?

b. Given your experience with complex transactions in the $900M+ range, what are the key legal and structural considerations when institutions are evaluating direct cryptocurrency investments, crypto fund allocations, or blockchain-based alternative investments under current SEC and CFTC frameworks?

Whether my client is an investment manager or an allocator of capital, keeping the standard of conduct to which they will be held accountable front and center of everything they do is an inviolable tenet of asset management. The sources of these standards are federal and state law and they are forms of fiduciary duty and the prudent investor standard. Once the decision has been made that your portfolio will have direct or indirect exposure to digital assets, you must have a strategy to stay abreast of the latest technological and regulatory  developments of digital assets. 3 – 6 months in DeFi feels like 3 – 6 years in TradFi. So, it’s important to have a robust strategy and compliance program that addresses: (a) whose job is it to stay on top of technological and regulatory developments, (b) how does the rest of your team then learn about such developments, e.g., annual training or ad hoc e-mail alerts, (c) what is the vetting and due diligence strategy for assessing whether you need new service providers and how do you pick those new service providers, and (d) have robust disclosure written in plain English, i.e., say what you are going to do and do what you say. 

For many years the regulatory environment in the U.S. was extremely hostile to digital assets as an asset class. This hostility cast a long shadow. What I mean is, from an allocators perspective, many investors were unwilling to invest directly in digital asset projects or managers whose funds primarily or exclusively focused on digital assets because the regulatory risk presented structural risk and not asset risk. This also fed into confirmation bias. 

Many allocators are fine taking asset risk, the normal market risk that the asset will decline in value. But when an investment manager offers a product wrapped in a novel structure or regulatory uncertainty, don’t be surprised when allocators take a pass. So my advice to my clients is to take a new asset class, like digital assets, and demystify the investment by working through the structural risk so what’s left is the more familiar asset risk. The top 3 candidates for that analysis are custody, bankruptcy, and tax. How will the digital assets be held? Who will have access to them? What happens to them in the event the issuer goes bankrupt? What happens to them if the custodian goes bankrupt? How are sponsors and investors being taxed? Are non-US persons exposed to effectively connected income? 

There is not much you can do about regulatory uncertainty; that has to be resolved through the political processes and challenges under statutes like the Administrative Procedures Act. Thankfully, we are in an environment where the U.S. regulatory risk is trending towards being resolved.

2. Compliance Architecture for Digital Asset Operations

a. You've developed robust regulatory compliance programs for investment advisers and family offices. How do you structure compliance frameworks that can accommodate both traditional securities and digital assets under the Investment Advisers Act, particularly regarding custody rules, best execution, and anti-money laundering requirements under the Bank Secrecy Act? 

b. What specific challenges do you see in reconciling traditional compliance architectures with the unique operational requirements of cryptocurrency and DeFi exposures?

To structure compliance frameworks accommodating both traditional securities and digital assets under the Investment Advisers Act, particularly the Custody Rule, best execution, and AML requirements, investment advisers must integrate robust, adaptable policies that address the unique characteristics of each asset class while meeting regulatory best practices. For custody, the Custody Rule requires client funds and securities to be held by a qualified custodian (e.g., banks, registered broker-dealers, or futures commission merchants) in segregated accounts, with quarterly account statements and annual independent verification by a PCAOB-registered accountant. For digital assets, advisers can leverage qualified custodians like Coinbase Custody or Anchorage Digital, ensuring segregation and security of private keys. But no matter who you use, require written confirmation that the custodial service you are subscribing for qualifies as a QC within the meaning of the Advisers Act. Notably, this means many investment managers and allocators will end up with multiple custodial relationships, which adds complexity and risk. To minimize this risk, I expect to see traditional custodial players adding digital asset custody to their suite of QC services while new players like Coinbase will be adding the ability to be a QC for traditional securities. 

Best execution obligations, derived from fiduciary duties under Section 206, require advisers to seek optimal trade execution, which for digital assets involves navigating decentralized exchanges (DEXs) and ensuring transparency in volatile markets. The general concept of best-ex doesn’t change exclusively because of digital assets, but market norms and customs are arguably still developing. Disclosure is therefore key for investment managers. 

For certain entities, AML compliance under the BSA mandates customer identification, suspicious activity reporting, and risk-based monitoring, which can be challenging for pseudonymous digital assets. FinCEN recently postponed the effective date of the AML rule for investment advisers to 2028. The impact on advisers with SMAs is significant, but likely muted for private fund managers. This is because many investment managers to private funds are subject to the expectation from their LP-base that they already have an AML program in place. This gets revealed through the ODD process and enforced through contract, either via the LPA or side letters. But regardless of your regulatory obligation, say what you're going to do then do what you say. The SEC will hold an investment adviser accountable for failing to implement an AML program the adviser said it had, even if the law doesn't require it.

Reconciling traditional compliance architectures with the operational requirements of cryptocurrency and decentralized finance (DeFi) exposures presents challenges due to the unique characteristics of digital assets and the evolving regulatory landscape. Custody under the Advisers Act is complicated by the lack of traditional qualified custodians for certain digital assets, particularly in DeFi, where assets may be held in non-custodial wallets or smart contracts, raising questions about compliance with segregation and verification requirements (17 CFR 275.206(4)-2(a)(1) and (a)(4)). Where a technically precise compliance solution is not available, as has often been the case in the U.S. since the Bitcoin white paper was published in November 2008, clients can abstain or build their own guardrails that achieve the equivalent investor protections. There is risk, however, that a regulator will disagree.

Best execution is challenging in DeFi due to fragmented liquidity across DEXs, high volatility, and the need to assess gas fees and slippage, which differ from traditional market structures. Additional challenges include regulatory uncertainty, as the SEC has work to do to provide clear guidance on digital asset classification. Further, the technical complexity of auditing DeFi smart contracts, which may not align with the annual audit requirements of the Custody Rule, is another challenge. Advisers should adopt flexible, technology-driven compliance solutions, such as real-time transaction monitoring and specialized custodial arrangements, while advocating for regulatory clarity to bridge these gaps.

Policy Influence and Strategic Positioning for Institutional Crypto Adoption

a. As one of the select attorneys shaping financial policy on digital assets and blockchain, how do you see the regulatory landscape evolving to accommodate institutional participation in crypto markets? 

b. From your experience in both federal government and private practice, what policy developments do you anticipate will be most significant for large institutional investors, and how should institutions position themselves strategically while regulatory frameworks continue to develop? Additionally, how do you integrate insights from cryptography and cybersecurity into your legal risk assessments?

I’ll address both of these subparts together. Starting first with cryptography and cybersecurity. Investment managers and allocators must stay abreast of the latest thinking in cryptography given this technology is one of the core building blocks of DeFi. For example, as quantum computing comes online, quantum resistant cryptography and protocols will need to be adopted and incorporated into digital asset ecosystems. With respect to cybersecurity, even if you implement best practices like single-use complex passwords, multi-factor authentication, and VPNs, your weakest and strongest cybersecurity measure is your people. Train them and find creative ways to reward high-quality cyber hygiene. 

For at least the next 4 years, the U.S. regulatory landscape is trending towards a state of collaboration between industry and regulators at the federal level and a potential mixed bag at the state level, depending on the view points of state AGs. Some state AGs may decide to find ways to pick up the mantle where the last SEC chairman left off. Stay tuned there. 

The flurry of guidance that has come out of the SEC in 2025 has started to burn-off the regulatory fog and reveal paths forward to compliance. I would even go back to 2024 and point out that the eToro USA LLC settlement in September of 2024 was a tacit public recognition that Bitcoin, Bitcoin Cash, and Ether are not securities, which most securities attorneys felt comfortable concluding. The efforts to address status issues by the Division of Corporation Finance , in particular with respect to proof of work and 4 types of staking, are opening up lanes for founders of really creative projects. One such project I have been personally watching for years now has been Helium. 

At the end of the day though, the Shakespeare rule of securities law always applies, a security by any other name is still a security. Substance matters and lawyer shopping for the advice you want instead of the advice you need is not a good idea.

Want to contribute to our Q&A series? If you're a legal expert in the web3/AI space and would like to share your expertise by joining our Q&A series, please reach out to hi@databirdjournal.com